[CentOS-virt] firewall best practice on dom-0

Sun Jul 13 12:19:04 UTC 2008
Kai Schaetzl <maillists at conactive.com>

I took over a custom firewall script from my older Suse machines to my 
Dom-Us and it works just fine. Doing the same for Dom-0 immediately killed 
all traffic for the VMs. As there was no need before I had been dropping 
everything on the FORWARD chain. After ACCEPTing all for FORWARD my VMs 
are happy again.
What's best practice on Dom-0, what do you do? Can I restrict the 
forwarding, in which way?

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com